I’ve been running a home server at home running CasaOS for a few months now. I use a WireGuard VPN to remote in to use Jellyfin on my phone etc. Basically I want to know if there’s a way I can both hide my public IP (such as using a conventional VPN for torrenting) while still being able to remote in to my server?
I’ve been thinking of running all my network traffic through my server and setting up some sort of firewall too, but I’m fairly new to this as this was originally just a project I did out of spite after getting rid of Spotify. I’m fairly green when it comes to networking and servers, but I’m otherwise pretty good with computers and can muddle my way through most things.
Any suggestions are greatly appreciated.
towerful@programming.dev 1 day ago
You can’t hide your public IP. It’s public.
I presume your servers sit on your home network, and it’s a basic flat network. And you have a basic home router. And you forward a port on your router to your server that’s running wireguard.
Sound about right?
You already use a VPN to access your homelab/home-servers.
So the only ports you are forwarding (presumably) relate to WireGuard. So the only accessible ports are secured sensibly (by WireGuard, because that’s what it is).
So you are already doing everything right.
If you want a fancier router/firewall, then OpnSense or OpenWRT are good options.
But I wouldn’t run everything through your server. Let your server serve. And use a router to do network things.
If you really want to hyperconverge onto a single server like that, then I’d do it inside different VMs (probably running on a proxmox host). Have a VM running OpnSense that only does network and routing. Then VMs for other services.
You’re directly coupling your home internet access to the proxmox host and the VM, though.
Which is why I prefer using a more embedded/dedicated router appliance (I’m a huge fan of mikrotik stuff, but my home network is TP-Link Omada. Though I think I’ll move to Unifi).
thetrekkersparky@startrek.website 1 day ago
Yeah, sounds about right. Server is on my home network and I’ve forwarded the applicable WireGuard ports on my router so I can remote in. I just want to make sure that if I’m running a torrent client on my server or on my phone while I’m connected remotely then I won’t be getting angry letters from my ISP.
towerful@programming.dev 1 day ago
Ah, gotcha.
So… You generally have to pay a VPN company to get access to their VPN exit nodes, and “hide” in among all the other traffic.
There is nothing you can self-host to do that.
ProtonVPN used to be a popular recommendation, however they are slipping out of favour due to behaviour over the last couple of years.
If you are looking for a VPN for anonymity, be careful of “review” articles posted on blogs owned by dodgy VPN providers.
I’m not sure who the “go to” VPN provider is these days.
If you rent a VPS (virtual private server) in order to run your own VPN exit node, and the VPS provider gets a letter regarding illegal activity, then your VPS will be deleted.
I don’t know of a VPS provider that will protect customers privacy WRT legal requests (maybe there are, but they will be exceptionally expensive).
So everyone pays a VPN provider that doesn’t keep logs in order to hide amongst the herd.
Making sure that your file downloading system uses a VPN instead of the default gateway for internet access is a huge field.
So you need to describe exactly the software you want to use the VPN exit node, and how it’s installed.
Because the solution could be host firewall, docker networking, isolated networks… Pretty sure there are many others.
talentedkiwi@sh.itjust.works 1 day ago
You can set up a docker compose config that routes all of the arr traffic through a gluetun VPN. Below is an example.
gist.github.com/…/5c2159d4fb8eb33df75bb4700713e24…
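The linked gist is truncated, so here is an added example of the "docker networking" approach towerful mentions and talentedkiwi links to. This is not the gist's contents, not gluetun's or CasaOS's own documentation, and not the original poster's setup: it is a constructed `docker-compose.yml` in which only the torrent client's traffic goes out through a gluetun container holding a commercial WireGuard tunnel, while the host's own default route (and the WireGuard port you forward for remote access) is untouched. The provider name, the `192.168.1.0/24` LAN range, the host paths, and the `WG_*` variables read from a `.env` file are placeholders you replace; the gluetun and qBittorrent image names and environment variables are used as I recall them from those projects' documentation, so check them against the current docs before relying on this.

```yaml
# Added example, not from the original thread or the linked gist.
# Placeholders: <your-provider>, 192.168.1.0/24, ./qbt-config, /srv/downloads,
# and the WG_* values (put those in a .env file next to this compose file,
# never in the compose file itself).
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN                      # needed to manage the tunnel and its firewall
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=<your-provider>   # placeholder: your paid VPN provider
      - VPN_TYPE=wireguard
      # Credentials come from .env so the private key is not committed anywhere.
      - WIREGUARD_PRIVATE_KEY=${WG_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=${WG_ADDRESSES}
      # Allow the torrent web UI to answer to your LAN (and to you over your own
      # WireGuard link, since that lands you on the LAN). Placeholder subnet.
      - FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24
    ports:
      # Published on gluetun, because the client below shares its network namespace.
      - "8080:8080"                    # qBittorrent web UI, reachable only from the LAN side
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    # The whole point: this container has no network of its own. Every packet it
    # sends leaves through gluetun's tunnel; gluetun's built-in firewall drops
    # traffic if the tunnel is down (kill switch), so nothing falls back to your ISP.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8080
    volumes:
      - ./qbt-config:/config           # placeholder host paths
      - /srv/downloads:/downloads
    restart: unless-stopped
```

Two checks are worth doing once it is up. First, compare the egress address the host sees (for example `curl -s https://ifconfig.me` on the server) with what the torrent container sees (`docker exec qbittorrent curl -s https://ifconfig.me`, assuming the image ships curl); the second should be the VPN provider's address and the first should still be your home address, which is what keeps your own WireGuard remote-access port working. Second, stop gluetun (`docker stop gluetun`) and confirm the torrent container now has no connectivity at all rather than quietly reverting to the ISP route. One caveat: because the client borrows gluetun's network namespace, recreating the gluetun container (for example after an image update) leaves the client attached to a stale namespace, so restart the client whenever gluetun is recreated.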